... | ... | @@ -2125,6 +2125,7 @@ Directory standard). |
|
|
* [phpLDAPadmin][]: like [phpMyAdmin][] but for LDAP, for "power users",
|
|
|
long history of critical security issues
|
|
|
* [web2ldap][]: web interface, python, still maintained, not exactly intuitive
|
|
|
* [Fusion Directory](https://www.fusiondirectory.org/)
|
|
|
|
|
|
[phpMyAdmin]: https://www.phpmyadmin.net/
|
|
|
[ldap-user-manager]: https://github.com/wheelybird/ldap-user-manager
|
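Review bot: The Fusion Directory entry is the only item in this list with an inline URL and no description; its neighbours use reference-style links (`[phpLDAPadmin][]`, `[web2ldap][]`) with targets collected below, and each carries a short note on language, maintenance status or security history. Suggest switching to `[Fusion Directory][]` with a matching `[Fusion Directory]: https://www.fusiondirectory.org/` definition next to the `[phpMyAdmin]:` line, and adding a brief note in the same style so the entry can be compared with the others.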
... | ... | @@ -2157,7 +2158,11 @@ using the [django-auth-ldap][] authentication plugin. |
|
|
* [FreeIPA][]: similar, except built on top of 389 DS, the Fedora
|
|
|
LDAP thing
|
|
|
* [Authelia][]: single sign-on, 2fa, OIDC connect
|
|
|
* [Authentik][]: single sign-on, 2fa, OIDC, SAML, LDAP, proxy, metrics
|
|
|
* [Authentik][]: single sign-on, 2fa, OIDC, SAML, LDAP, proxy,
|
|
|
metrics
|
|
|
* [LemonLDAP-ng](https://lemonldap-ng.org/), [packaged in Debian](https://tracker.debian.org/pkg/lemonldap-ng)
|
|
|
|
|
|
See also [mod_auth_openidc](https://github.com/OpenIDC/mod_auth_openidc) for an Apache module supporting OIDC.
|
|
|
|
|
|
A solution could be to deploy Keycloak or some SSO server on *top* of
|
|
|
the current LDAP server to provide other applications with a single
|
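Review bot: The LemonLDAP-ng entry lists no capabilities, while the Authelia and Authentik entries directly above it summarize theirs (single sign-on, 2fa, OIDC, SAML, ...), so a reader cannot tell from this list how it compares. Suggest adding the same kind of summary and moving both inline URLs to reference-style definitions like `[Authelia]:` and `[Authentik]:`. The re-wrap of the Authentik line is a whitespace-only change mixed into a content change; it is harmless but would be easier to review as its own commit. The mod_auth_openidc sentence sits between the list and the "A solution could be to deploy Keycloak" paragraph without a heading, so consider making it a list item or placing it after that paragraph.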
... | ... | @@ -2167,6 +2172,23 @@ swap ud-ldap out if we need to, replacing bits of it as we go. |
|
|
[Authelia]: https://www.authelia.com/
|
|
|
[Authentik]: https://goauthentik.io/
|
|
|
|
|
|
#### Keycloak
|
|
|
|
|
|
Was briefly considered at Debian.org which ended up using GitLab as an
|
|
|
identity provider (!). Concerns raised:
|
|
|
|
|
|
* [this post](https://lists.debian.org/debian-project/2020/04/msg00006.html) mentions "jboss" and:
|
|
|
- no self service for group or even OIDC clients
|
|
|
- no U2F (okay, GitLab also still needs to make the step to webauthn)
|
|
|
|
|
|
See also [this discussion](https://lists.debian.org/debian-project/2020/04/msg00000.html) and [this one](https://lists.debian.org/debian-devel/2017/08/msg00465.html).
|
|
|
|
|
|
#### LemonLDAP
|
|
|
|
|
|
https://lemonldap-ng.org/
|
|
|
|
|
|
* has a GPG plugin
|
|
|
|
|
|
### Others
|
|
|
|
|
|
* [LDAP synchronization connector][]: "Open source connector to
|
... | ... | |
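Review bot: In the Keycloak section, the first bullet says the post mentions "jboss" but does not say what the concern is, so it cannot be weighed against the two sub-items that follow; state the objection in a few words or drop the mention. Both linked threads for the self-service and U2F points are from 2020 (the URLs show 2020/04), so it would help to note that date in the text so readers know to re-check those concerns against current releases. In the LemonLDAP section, the heading says "LemonLDAP" while the URL says lemonldap-ng, the bare URL does not follow the link style used elsewhere, and "has a GPG plugin" does not say what the plugin is used for (for example, authentication); a one-line explanation would make the bullet useful.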